package cn.jbolt.core.Interceptor;

import cn.jbolt.core.cache.JBoltPermissionCache;
import cn.jbolt.core.model.Permission;
import cn.jbolt.core.permission.*;
import cn.jbolt.core.util.JBoltArrayUtil;
import com.jfinal.core.Controller;
import com.jfinal.kit.StrKit;

import java.lang.reflect.Method;
import java.util.Set;

/**
 * 权限检查
 *
 * @author 小木
 *
 */
public class JBoltSecurityCheck {
	/**
	 * 判断有无注解
	 *
	 * @param method
	 * @return
	 */
	public static boolean isNoAnnotation(Method method) {
		return JBoltArrayUtil.isEmpty(method.getAnnotations());
	}

	/**
	 * 判断method在saas模式下必须校验租户的permission
	 * 必须有@checkPermission注解
	 *
	 * @param method
	 * @return
	 */
	public static boolean isMustCheckSaasTenantPermission(Method method) {
		return method.isAnnotationPresent(MustCheckSaasTenantPermission.class);
	}
	/**
	 * 判断method在saas模式下只能总平台访问 租户不能访问
	 *
	 * @param method
	 * @return
	 */
	public static boolean isOnlySaasPlatform(Method method) {
		return method.isAnnotationPresent(OnlySaasPlatform.class);
	}
	/**
	 * 判断是不是Uncheck
	 *
	 * @param method
	 * @return
	 */
	public static boolean isUncheck(Method method) {
		return method.isAnnotationPresent(UnCheck.class);
	}

	/**
	 * 判断整个Controller是不是Uncheck
	 *
	 * @param controller
	 * @return
	 */
	public static boolean isUncheck(Controller controller) {
		return controller.getClass().isAnnotationPresent(UnCheck.class);
	}

	/**
	 * 判断整个Controller在saas模式下只能总平台访问 租户不能访问
	 *
	 * @param controller
	 * @return
	 */
	public static boolean isOnlySaasPlatform(Controller controller) {
		return controller.getClass().isAnnotationPresent(OnlySaasPlatform.class);
	}

	/**
	 * 判断Method是否需要check校验权限
	 *
	 * @param method
	 * @return
	 */
	public static boolean isPermissionCheck(Method method) {
		return method.isAnnotationPresent(CheckPermission.class);
	}

	/**
	 * 判断整个controller是否需要校验权限
	 *
	 * @param controller
	 * @return
	 */
	public static boolean isPermissionCheck(Controller controller) {
		return controller.getClass().isAnnotationPresent(CheckPermission.class);
	}

	/**
	 * 判断controller或者method上是否设置了超管忽略
	 *
	 * @param controller
	 * @param method
	 * @return
	 */
	public static boolean isUncheckIfSystemAdmin(Controller controller, Method method) {
		return controller.getClass().isAnnotationPresent(UnCheckIfSystemAdmin.class)
				|| method.isAnnotationPresent(UnCheckIfSystemAdmin.class);
	}

	/**
	 * 检测keys是否在用户携带权限里存在
	 *
	 * @param checkAll
	 * @param roleIds
	 * @param permissionKeys
	 * @return
	 */
	public static boolean checkHasPermission(boolean checkAll, String roleIds, String... permissionKeys) {
		if (StrKit.isBlank(roleIds) || permissionKeys == null || permissionKeys.length == 0) {
			return false;
		}
		return checkHasPermission(checkAll, JBoltPermissionCache.me.getRolePermissionKeySet(roleIds), permissionKeys);
	}

	/**
	 * 检测keys是否在用户携带权限里存在
	 *
	 * @param checkAll
	 * @param permissionKeyset
	 * @param permissionKeys
	 * @return
	 */
	public static boolean checkHasPermission(boolean checkAll, Set<String> permissionKeyset, String... permissionKeys) {
		if (permissionKeyset == null || permissionKeyset.isEmpty() || permissionKeys == null
				|| permissionKeys.length == 0) {
			return false;
		}
		if (checkAll) {
			// 检测所有 就是只要有一个不行就都不行
			for (String permissionKey : permissionKeys) {
				if (!permissionKeyset.contains(permissionKey)) {
					return false;
				}
			}
			return true;
		}

		// 只要有一个存在就可以
		for (String permissionKey : permissionKeys) {
			if (permissionKeyset.contains(permissionKey)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * 检测是否是超管默认权限
	 *
	 * @param checkAll
	 * @param permissionKeys
	 * @return
	 */
	public static boolean checkIsSystemAdminDefaultPermission(boolean checkAll, String... permissionKeys) {
		if (JBoltArrayUtil.isEmpty(permissionKeys)) {
			return false;
		}

		int count = permissionKeys.length;
		if (count == 1) {
			// 当只传了一个 就判断这个是不是超管默认 是就返回true
			Permission permission = JBoltPermissionCache.me.getByKey(permissionKeys[0]);
			return (permission != null && permission.getIsSystemAdminDefault());
		}
		// 多个的时候就得判断checkAll
		Permission permission;
		if (checkAll) {
			for (String permissionKey : permissionKeys) {
				permission = JBoltPermissionCache.me.getByKey(permissionKey);
				// 检测all 但是只要有一个不是的 就返回false
				if (permission == null || !permission.getIsSystemAdminDefault()) {
					return false;
				}
			}
			return true;
		}

		// 检测只要一个符合条件就是true
		for (String permissionKey : permissionKeys) {
			permission = JBoltPermissionCache.me.getByKey(permissionKey);
			if (permission != null && permission.getIsSystemAdminDefault()) {
				return true;
			}
		}

		return false;
	}

}
